BIOS Password Backdoors in Laptops

I thought that BIOS password is very good for computers, because in BIOS you can deny to boot from all devices like CD-ROM’s and USB devices and let boot only from one selected hard drive.  It’s very useful by administrators in firms. Firms computers usually have a lot of restrictions against and if user can boot from CD or USB than all restriction policies are useless. I very rarely use my bios so I forgot it. I searcher how to remove this password and found 3 possibilities:

            1) Remove battery and backup battery and wait little bit.

            2) Found pins on motherboard and short cut tem to remove password.

            3) Use some kind of software bios remover.

With two first possibilities need to use screw driver to open laptop case. So I ignore them.

As you know bios password is stored in Flash ROM. So what is need is to read that ROM and try to search ten password. But vendors not always store password in plain text, but stores password hash. And for example my when you try to enter invalid password then system disables and shows password hash. So what you need is to use brute force attack and guess password. Most BIOS passwords only can have upper case, lowercase and digits, and bios password is limited to 8 symbols. And ordinary pc can decrypt password in less then 16 minutes. But in this site are used reverse engineering password generators. Those python scripts generates password from hash immediately.

This entry was posted in IT Security, Week 15. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s